Rights Management Services (RMS) is a client/server technology that provides information protection through content encryption and fine-grained policy definition and enforcement. The RMS: Client-to-Server Protocol [MS-RMPR] enables the creation and consumption of protected content and describes the functionality provided by the RMS client. However, there are additional scenarios that are not supported by the RMS: Client-to-Server Protocol:
Decommissioning protected content
Precertifying a user
Republishing content
Prelicensing content
Decommissioning is the process by which RMS protection is completely removed from content. Precertification is the process by which a user's public key is acquired; the requestor can then use that public key to prelicense protected content, so that the content is delivered together with the appropriate authorization token (a use license) bound to the recipient user. Republishing is the process by which the rights granted in an issuance license (IL) are altered by issuing a new IL that carries the same content key as the original, so content that is already encrypted does not have to be re-encrypted.
To accomplish these operations, an application can make requests directly to the RMS server using the RMS: Independent Software Vendor (ISV) Extension Protocol.
Figure 1: Typical roles in the RMS system
For the basic creation and consumption of protected information (or content), the RMS system involves three active roles: the creator, the consumer, and the RMS server. The creator and consumer are both typically roles of the RMS client. The interactions between the RMS client and the RMS server are described in the RMS: Client-to-Server Protocol Specification [MS-RMPR].
Figure 2: Roles in the RMS system that use the RMS: ISV Extension Protocol
In a more complex deployment, a creator, a consumer, and an RMS-enabled server application (such as a messaging transport) can all be involved. In this situation the roles are better modeled as applications that interact with the RMS client and, optionally, directly with the RMS server.
Figure 3: Relationships between the application, the RMS client, and the RMS server
While the RMS: Client-to-Server Protocol [MS-RMPR] supports the most common scenarios for the creation and consumption of content by an application in the RMS system, the RMS: ISV Extension Protocol can be used when additional functionality is required to enable the application to communicate directly with the RMS server. The RMS: ISV Extension Protocol provides the following interfaces to support these more advanced scenarios:
Decommissioning: Enables RMS protection to be completely removed from protected content. When enabled on the RMS server, the Decommissioning interface accepts a publishing license and returns the content key from that license. Because the returned key decrypts the content outright, the interface is a server-wide switch that should be enabled only when the deployment is being retired and protection is intentionally being stripped from its content.
Precertification: Enables protected content to be delivered with an authorization token for the recipient user. The Precertification interface is used to retrieve the public key of the specified user.
Republishing: Enables a new IL to be created by using the same content key as an existing IL. The Republishing interface is used to alter the set of rights granted by an IL.
Prelicensing: Enables protected content to be delivered with an authorization token for the recipient user without requiring a precertification request. The Prelicensing interface is used to retrieve a use license for the specified user.
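To make the relationship between these four operations concrete, the following is an added, stdlib-only toy model and is not code from MS-RMPRS or from any RMS implementation. It does not reproduce the protocol's XrML licenses or SOAP messages: the `IssuanceLicense`, `UseLicense` and `ToyRmsServer` classes, the `xor_stream` keystream (a stand-in for the AES content encryption and RSA key wrapping real RMS uses), the `protect`/`consume` helpers and the sample content are all assumptions made for the illustration. What it does show is the property the text relies on: a use license binds the content key to a recipient's key, republishing changes rights without changing the content key (so old ciphertext stays valid), prelicensing refuses users the IL does not name, and decommissioning hands back the raw key only when the server has the interface enabled.

```python
import hashlib
import secrets
from dataclasses import dataclass


def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter-mode keystream derived from key.
    Model assumption: one symmetric, unauthenticated primitive stands in for
    both AES content encryption and RSA key wrapping in real RMS."""
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + label + block.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class IssuanceLicense:          # hypothetical structure, not the MS-RMPRS XrML
    content_id: str
    content_key: bytes          # a real IL carries this encrypted to the server key
    rights: dict                # user -> set of rights, e.g. {"bob": {"VIEW"}}


@dataclass
class UseLicense:               # hypothetical structure
    content_id: str
    user: str
    rights: set
    wrapped_key: bytes          # content key bound to the recipient's key


class ToyRmsServer:
    def __init__(self, decommissioning_enabled: bool = False):
        self.user_keys = {}     # model of the key store consulted by precertification
        self.decommissioning_enabled = decommissioning_enabled

    def precertify(self, user: str) -> bytes:
        """Precertification: return the key the server holds for user."""
        return self.user_keys.setdefault(user, secrets.token_bytes(32))

    def prelicense(self, il: IssuanceLicense, user: str):
        """Prelicensing: issue a use license for user, or None if the IL grants nothing."""
        rights = il.rights.get(user)
        if not rights:
            return None
        wrapped = xor_stream(self.precertify(user), b"wrap", il.content_key)
        return UseLicense(il.content_id, user, set(rights), wrapped)

    def republish(self, il: IssuanceLicense, new_rights: dict) -> IssuanceLicense:
        """Republishing: new rights, same content key, so no re-encryption."""
        return IssuanceLicense(il.content_id, il.content_key,
                               {u: set(r) for u, r in new_rights.items()})

    def decommission(self, il: IssuanceLicense) -> bytes:
        """Decommissioning: hand back the raw content key, only if enabled."""
        if not self.decommissioning_enabled:
            raise PermissionError("Decommissioning interface is not enabled")
        return il.content_key


def protect(content_id: str, plaintext: bytes, rights: dict):
    """Creator side: fresh content key, IL with the granted rights, ciphertext."""
    key = secrets.token_bytes(32)
    il = IssuanceLicense(content_id, key, {u: set(r) for u, r in rights.items()})
    return il, xor_stream(key, b"content", plaintext)


def consume(ul: UseLicense, user_key: bytes, ciphertext: bytes, right: str = "VIEW"):
    """Consumer side: unwrap the content key with the user's key and decrypt."""
    if right not in ul.rights:
        return None
    key = xor_stream(user_key, b"wrap", ul.wrapped_key)
    return xor_stream(key, b"content", ciphertext)


def walkthrough() -> dict:
    """Run the lifecycle on constructed sample content and report each check."""
    server = ToyRmsServer()
    msg = b"constructed sample: quarterly figures"   # constructed input
    il, ct = protect("doc-1", msg, {"bob": {"VIEW"}})
    out = {}
    bob_ul = server.prelicense(il, "bob")
    out["bob_reads"] = consume(bob_ul, server.user_keys["bob"], ct) == msg
    out["bob_cannot_print"] = consume(bob_ul, server.user_keys["bob"], ct, "PRINT") is None
    out["carol_denied"] = server.prelicense(il, "carol") is None
    il2 = server.republish(il, {"carol": {"VIEW", "PRINT"}})     # bob dropped, carol added
    out["same_key"] = il2.content_key == il.content_key
    carol_ul = server.prelicense(il2, "carol")
    out["carol_reads_old_ciphertext"] = consume(carol_ul, server.user_keys["carol"], ct) == msg
    out["bob_denied_new_il"] = server.prelicense(il2, "bob") is None
    out["old_license_still_decrypts"] = consume(bob_ul, server.user_keys["bob"], ct) == msg
    try:
        server.decommission(il2)
        out["decommission_blocked"] = False
    except PermissionError:
        out["decommission_blocked"] = True
    server.decommissioning_enabled = True
    out["decommissioned_plaintext"] = xor_stream(server.decommission(il2), b"content", ct) == msg
    return out
```

Two results of `walkthrough()` are the ones a practitioner should take away. `old_license_still_decrypts` is true: because republishing keeps the content key, a use license already issued under the old IL still opens the content, so removing a user from an IL is not revocation of licenses that user already holds. `decommissioned_plaintext` is true as soon as the flag is on, which is why the Decommissioning interface is treated as a retirement switch rather than a routine API.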